feat(scripts): add upload to S3 scripts

README.md

@@ -263,6 +263,64 @@ RESTORE_SKIP_MEDIA=1 ./scripts/restore.sh ./backups/qlockify-backup-YYYYMMDD-HHM
 RESTORE_SKIP_ENV=1 ./scripts/restore.sh ./backups/qlockify-backup-YYYYMMDD-HHMMSS.tar.gz
 ```
 
+Install backup upload prerequisites:
+
+```bash
+sudo apt update
+sudo apt install -y awscli openssl
+```
+
+Configure encrypted S3-compatible backup uploads in `./.env`:
+
+```bash
+S3_BACKUP_BUCKET=qlockify-backups
+S3_BACKUP_PREFIX=qlockify
+S3_BACKUP_REGION=us-east-1
+S3_BACKUP_ENDPOINT_URL=https://c284984.parspack.net
+S3_BACKUP_ACCESS_KEY_ID=
+S3_BACKUP_SECRET_ACCESS_KEY=
+BACKUP_ENCRYPTION_PASSPHRASE=
+BACKUP_LOCAL_KEEP_LATEST=1
+```
+
+Upload an encrypted backup to S3:
+
+```bash
+chmod +x ./scripts/backup-upload-s3.sh
+./scripts/backup-upload-s3.sh
+```
+
+Restore the latest encrypted backup from S3:
+
+```bash
+chmod +x ./scripts/restore-from-s3.sh
+./scripts/restore-from-s3.sh latest
+docker compose up -d --build
+```
+
+Restore a specific encrypted backup from S3:
+
+```bash
+./scripts/restore-from-s3.sh qlockify/qlockify-backup-YYYYMMDD-HHMMSS.tar.gz.enc
+docker compose up -d --build
+```
+
+Schedule daily encrypted uploads with cron:
+
+```cron
+0 2 * * * cd /home/ubuntu/qlockify-deployment && ./scripts/backup-upload-s3.sh >> ./backups/backup.log 2>&1
+```
+
+The S3 restore script supports the same partial restore flags:
+
+```bash
+RESTORE_SKIP_DB=1 ./scripts/restore-from-s3.sh latest
+RESTORE_SKIP_MEDIA=1 ./scripts/restore-from-s3.sh latest
+RESTORE_SKIP_ENV=1 ./scripts/restore-from-s3.sh latest
+```
+
+Keep `BACKUP_ENCRYPTION_PASSPHRASE` in a safe place outside the server. Encrypted backups cannot be restored without it.
+
 ## CI/CD with Gitea Actions
 
 This repository now ships with a Gitea Actions deployment workflow in: